Como ahora estamos declarando esos scopes, aparecerán en la documentación de la API cuando inicies sesión/autorices.

Y podrás seleccionar cuáles scopes quieres dar de acceso: `me` y `items`.

Este es el mismo mecanismo utilizado cuando das permisos al iniciar sesión con Facebook, Google, GitHub, etc:

<img src="/img/tutorial/security/image11.png">

## Token JWT con scopes

success.update_crawler_params = Paramètres mis à jour.
success.delete_doc_from_index = Démarrage d'un processus de suppression de documents d'un index.
success.crawling_info_delete_all = Données de session supprimées.
success.start_crawl_process = Démarrage d'un processus d'exploration.
success.upload_design_file = {0} mis à jour.
success.update_design_jsp_file = {0} mis à jour.

labels.crawling_info_search=Cerca
labels.crawling_info_reset=Reset
labels.crawling_info_link_top=Informazioni di scansione
labels.crawling_info_link_details=Dettagli
labels.crawling_info_session_id_search=ID sessione
labels.crawling_info_session_id=ID sessione
labels.crawling_info_created_time=Creato
labels.crawling_info_delete_all_link=Elimina tutto
labels.crawling_info_delete_all_confirmation=Sei sicuro di voler eliminare tutto?

     * @return the calculated hash
     */
    public static byte[] nTOWFv1(final String password) {
        return getNTHash(password);
    }

    /**
     * Creates the NTLM2 session response for the supplied information.
     *
     * @param passwordHash the password hash to use
     * @param serverChallenge the server challenge bytes
     * @param clientChallenge the client challenge bytes

labels.crawling_info_search=Search
labels.crawling_info_reset=Reset
labels.crawling_info_link_top=Crawling Info
labels.crawling_info_link_details=Details
labels.crawling_info_session_id_search=Session ID
labels.crawling_info_session_id=Session ID
labels.crawling_info_created_time=Created
labels.crawling_info_delete_all_link=Delete All
labels.crawling_info_delete_all_confirmation=Are you sure you want to delete all?

*   `tf.compat.v1.Session`
    * `tf.compat.v1.Session.partial_run` and `tf.compat.v1.Session.partial_run_setup` will be deprecated in the next release.

### Known Caveats

* `tf.lite`

     * transformation, and data extraction.
     *
     * @param crawlingConfig the crawling configuration to use
     * @param crawlingInfoId the crawling session ID
     * @param url the URL to process
     * @return a map containing the processed document data
     * @throws CrawlingAccessException if crawling fails or configuration is invalid

            assertFalse(isValid, "Tampered data should fail verification");
        }

        @Test
        @DisplayName("Should handle different session keys")
        void testDifferentSessionKeys() throws GeneralSecurityException {
            byte[] sessionKey1 = new byte[16];
            Arrays.fill(sessionKey1, (byte) 0x11);

    }

    @Test
    void testDoFilter_sessionWithoutAuth_shouldChallenge() throws Exception {
        // Initialize filter first
        initializeFilter();

        // Test that having a session but no auth still challenges
        when(request.getHeader("Authorization")).thenReturn(null);
        when(httpSession.getAttribute("NtlmHttpAuth")).thenReturn(null);

        message[46] = 22; // Max Length
        message[47] = 0;
        message[48] = (byte) 132; // Offset
        message[49] = 0;
        message[50] = 0;
        message[51] = 0;

        // Session Key (empty, offset 154)
        message[52] = 0; // Length
        message[53] = 0;
        message[54] = 0; // Max Length
        message[55] = 0;
        message[56] = (byte) 154; // Offset